ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

ported most of the libstrongswan chunk_t macros to pluto

This commit is contained in:
Andreas Steffen 2009-04-17 16:11:33 +00:00
parent c04e75487f
commit 9b91b81870
27 changed files with 273 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libstrongswan/chunk.h
View File

@ -181,12 +181,12 @@ static inline void chunk_clear(chunk_t *chunk)
/**
* Clone a chunk on heap
*/
#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc(chunk.len) : NULL, chunk)
#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
/**
* Clone a chunk on stack
*/
#define chunk_clonea(chunk) chunk_create_clone(alloca(chunk.len), chunk)
#define chunk_clonea(chunk) chunk_create_clone(alloca((chunk).len), chunk)
/**
* Concatenate chunks into a chunk on heap

2
src/pluto/ac.c
View File

@ -258,7 +258,7 @@ add_ietfAttr(ietfAttr_t *attr)
ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
/* new attribute, unshare value */
attr->value.ptr = clone_bytes(attr->value.ptr, attr->value.len);
attr->value = chunk_clone(attr->value);
attr->count = 1;
time(&attr->installed);

16
src/pluto/asn1.c
View File

@ -33,9 +33,9 @@ static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 };
static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 };
static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 };
const chunk_t ASN1_INTEGER_0 = strchunk(ASN1_INTEGER_0_str);
const chunk_t ASN1_INTEGER_1 = strchunk(ASN1_INTEGER_1_str);
const chunk_t ASN1_INTEGER_2 = strchunk(ASN1_INTEGER_2_str);
const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
/* some popular algorithmIdentifiers */
@ -69,11 +69,11 @@ static u_char ASN1_rsaEncryption_id_str[] = {
0x05, 0x00
};
const chunk_t ASN1_md5_id = strchunk(ASN1_md5_id_str);
const chunk_t ASN1_sha1_id = strchunk(ASN1_sha1_id_str);
const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str);
const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str);
const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str);
const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
/* ASN.1 definition of an algorithmIdentifier */

16
src/pluto/ca.c
View File

@ -452,11 +452,9 @@ free_ca_info(ca_info_t* ca_info)
free(ca_info->ldaphost);
free(ca_info->ldapbase);
free(ca_info->ocspuri);
freeanychunk(ca_info->authName);
freeanychunk(ca_info->authKeyID);
freeanychunk(ca_info->authKeySerialNumber);
free(ca_info->authName.ptr);
free(ca_info->authKeyID.ptr);
free(ca_info->authKeySerialNumber.ptr);
free_generalNames(ca_info->crluri, TRUE);
free(ca_info);
}
@ -564,21 +562,19 @@ add_ca_info(const whack_message_t *msg)
ca->name = clone_str(msg->name);
/* authName */
clonetochunk(ca->authName, cacert->subject.ptr, cacert->subject.len);
ca->authName = chunk_clone(cacert->subject);
dntoa(buf, BUF_LEN, ca->authName);
DBG(DBG_CONTROL,
DBG_log("authname: '%s'", buf)
)
/* authSerialNumber */
clonetochunk(ca->authKeySerialNumber, cacert->serialNumber.ptr,
cacert->serialNumber.len);
ca->authKeySerialNumber = chunk_clone(cacert->serialNumber);
/* authKeyID */
if (cacert->subjectKeyID.ptr != NULL)
{
clonetochunk(ca->authKeyID, cacert->subjectKeyID.ptr,
cacert->subjectKeyID.len);
ca->authKeyID = chunk_clone(cacert->subjectKeyID);
datatot(cacert->subjectKeyID.ptr, cacert->subjectKeyID.len, ':'
, buf, BUF_LEN);
DBG(DBG_CONTROL | DBG_PARSING ,

12
src/pluto/connections.c
View File

@ -338,11 +338,11 @@ delete_connection(struct connection *c, bool relations)
free(c->name);
free_id_content(&c->spd.this.id);
free(c->spd.this.updown);
freeanychunk(c->spd.this.ca);
free(c->spd.this.ca.ptr);
free_ietfAttrList(c->spd.this.groups);
free_id_content(&c->spd.that.id);
free(c->spd.that.updown);
freeanychunk(c->spd.that.ca);
free(c->spd.that.ca.ptr);
free_ietfAttrList(c->spd.that.groups);
free_generalNames(c->requested_ca, TRUE);
gw_delref(&c->gw_info);
@ -688,17 +688,13 @@ unshare_connection_strings(struct connection *c)
c->spd.this.updown = clone_str(c->spd.this.updown);
scx_share(c->spd.this.sc);
share_cert(c->spd.this.cert);
if (c->spd.this.ca.ptr != NULL)
clonetochunk(c->spd.this.ca, c->spd.this.ca.ptr, c->spd.this.ca.len);
c->spd.this.ca = chunk_clone(c->spd.this.ca);
unshare_id_content(&c->spd.that.id);
c->spd.that.updown = clone_str(c->spd.that.updown);
scx_share(c->spd.that.sc);
share_cert(c->spd.that.cert);
if (c->spd.that.ca.ptr != NULL)
{
clonetochunk(c->spd.that.ca, c->spd.that.ca.ptr, c->spd.that.ca.len);
}
c->spd.that.ca = chunk_clone(c->spd.that.ca);
/* increment references to algo's */
alg_info_addref((struct alg_info *)c->alg_info_esp);

39
src/pluto/defs.c
View File

@ -29,8 +29,27 @@
#include "log.h"
#include "whack.h" /* for RC_LOG_SERIOUS */
/**
* Empty chunk.
*/
const chunk_t chunk_empty = { NULL, 0 };
/**
* Create a clone of a chunk pointing to "ptr"
*/
chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk)
{
chunk_t clone = chunk_empty;
if (chunk.ptr && chunk.len > 0)
{
clone.ptr = ptr;
clone.len = chunk.len;
memcpy(clone.ptr, chunk.ptr, chunk.len);
}
return clone;
}
bool
all_zero(const unsigned char *m, size_t len)
{
@ -86,17 +105,17 @@ concatenate_paths(const char *a, const char *b)
/* compare two chunks, returns zero if a equals b
* negative/positive if a is earlier/later in the alphabet than b
*/
int
cmp_chunk(chunk_t a, chunk_t b)
int chunk_compare(chunk_t a, chunk_t b)
{
int cmp_len, len, cmp_value;
cmp_len = a.len - b.len;
len = (cmp_len < 0)? a.len : b.len;
cmp_value = memcmp(a.ptr, b.ptr, len);
int compare_len = a.len - b.len;
int len = (compare_len < 0)? a.len : b.len;
return (cmp_value == 0)? cmp_len : cmp_value;
};
if (compare_len != 0 || len == 0)
{
return compare_len;
}
return memcmp(a.ptr, b.ptr, len);
}
/* moves a chunk to a memory position, chunk is freed afterwards
* position pointer is advanced after the insertion point
@ -107,7 +126,7 @@ mv_chunk(u_char **pos, chunk_t content)
if (content.len > 0)
{
chunkcpy(*pos, content);
freeanychunk(content);
free(content.ptr);
}
}

49
src/pluto/defs.h
View File

@ -49,7 +49,8 @@ extern void *clone_bytes(const void *orig, size_t size);
#define clone_str(str) \
((str) == NULL? NULL : strdup(str))
#define replace(p, q) { free(p); (p) = (q); }
#define replace(p, q) \
{ free(p); (p) = (q); }
/* chunk is a simple pointer-and-size abstraction */
@ -60,32 +61,50 @@ struct chunk {
};
typedef struct chunk chunk_t;
#define setchunk(ch, addr, size) { (ch).ptr = (addr); (ch).len = (size); }
extern const chunk_t chunk_empty;
#define strchunk(str) { str, sizeof(str) }
static inline chunk_t chunk_create(u_char *ptr, size_t len)
{
chunk_t chunk = {ptr, len};
return chunk;
}
/* NOTE: freeanychunk NULLs .ptr */
#define freeanychunk(ch) { free((ch).ptr); (ch).ptr = NULL; }
static inline void chunk_free(chunk_t *chunk)
{
free(chunk->ptr);
*chunk = chunk_empty;
}
#define clonetochunk(ch, addr, size) \
{ (ch).ptr = clone_bytes((addr), (ch).len = (size)); }
static inline void chunk_clear(chunk_t *chunk)
{
if (chunk->ptr)
{
memset(chunk->ptr, 0, chunk->len);
chunk_free(chunk);
}
}
#define clonereplacechunk(ch, addr, size) \
{ free((ch).ptr); clonetochunk(ch, addr, size); }
static inline bool chunk_equals(chunk_t a, chunk_t b)
{
return a.ptr != NULL && b.ptr != NULL &&
a.len == b.len && memeq(a.ptr, b.ptr, a.len);
}
extern chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk);
#define chunk_clone(chunk) \
chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
#define chunk_from_buf(str) { str, sizeof(str) }
#define chunkcpy(dst, chunk) \
{ memcpy(dst, chunk.ptr, chunk.len); dst += chunk.len;}
#define same_chunk(a, b) \
( (a).len == (b).len && memcmp((a).ptr, (b).ptr, (b).len) == 0 )
extern char* temporary_cyclic_buffer(void);
extern const char* concatenate_paths(const char *a, const char *b);
extern const chunk_t chunk_empty;
/* compare two chunks */
extern int cmp_chunk(chunk_t a, chunk_t b);
extern int chunk_compare(chunk_t a, chunk_t b);
/* move a chunk to a memory position and free it after insertion */
extern void mv_chunk(u_char **pos, chunk_t content);

16
src/pluto/demux.c
View File

@ -990,7 +990,7 @@ malloc_md(void)
void
release_md(struct msg_digest *md)
{
freeanychunk(md->raw_packet);
chunk_free(&md->raw_packet);
free(md->packet_pbs.start);
md->packet_pbs.start = NULL;
md->next = md_pool;
@ -1793,7 +1793,8 @@ process_packet(struct msg_digest **mdp)
/* XXX Detect weak keys */
/* grab a copy of raw packet (for duplicate packet detection) */
clonetochunk(md->raw_packet, md->packet_pbs.start, pbs_room(&md->packet_pbs));
md->raw_packet = chunk_create(md->packet_pbs.start, pbs_room(&md->packet_pbs));
md->raw_packet = chunk_clone(md->raw_packet);
/* Decrypt everything after header */
if (!new_iv_set)
@ -2137,20 +2138,21 @@ complete_state_transition(struct msg_digest **mdp, stf_status result)
}
else
{
clonetochunk(st->st_rpacket
, md->packet_pbs.start
, pbs_room(&md->packet_pbs));
st->st_rpacket = chunk_create(md->packet_pbs.start,
pbs_room(&md->packet_pbs));
st->st_rpacket = chunk_clone(st->st_rpacket);
}
/* free previous transmit packet */
freeanychunk(st->st_tpacket);
chunk_free(&st->st_tpacket);
/* if requested, send the new reply packet */
if (smc->flags & SMF_REPLY)
{
close_output_pbs(&md->reply); /* good form, but actually a no-op */
clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
st->st_tpacket = chunk_clone(st->st_tpacket);
if (nat_traversal_enabled)
nat_traversal_change_port_lookup(md, md->st);

3
src/pluto/dnskey.c
View File

@ -927,9 +927,8 @@ process_key_rr(u_char *ptr, size_t len
if (doit)
{
chunk_t k;
chunk_t k = { pbs.cur, pbs_left(&pbs) };
setchunk(k, pbs.cur, pbs_left(&pbs));
TRY(add_public_key(&cr->id, dns_auth_level, PUBKEY_ALG_RSA, &k
, &cr->keys_from_dns));
}

26
src/pluto/fetch.c
View File

@ -341,7 +341,6 @@ fetch_curl(char *url, chunk_t *blob)
plog("fetching uri (%s) with libcurl failed: %s", url, errorbuffer);
}
curl_easy_cleanup(curl);
/* not using freeanychunk because of realloc (no leak detective) */
curl_free(response.ptr);
}
return strlen(errorbuffer) > 0 ? "libcurl error" : NULL;
@ -628,9 +627,8 @@ fetch_crls(bool cache_crls)
}
else
{
chunk_t crl_uri;
chunk_t crl_uri = chunk_clone(gn->name);
clonetochunk(crl_uri, gn->name.ptr, gn->name.len);
if (insert_crl(blob, crl_uri, cache_crls))
{
DBG(DBG_CONTROL,
@ -730,11 +728,10 @@ fetch_ocsp_status(ocsp_location_t* location)
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
free(uri);
/* not using freeanychunk because of realloc (no leak detective) */
curl_free(response.ptr);
}
freeanychunk(location->nonce);
freeanychunk(request);
free(request.ptr);
chunk_free(&location->nonce);
/* increment the trial counter of the unresolved fetch requests */
{
@ -918,7 +915,7 @@ add_distribution_points(const generalName_t *newPoints ,generalName_t **distribu
{
/* clone additional distribution point */
gn = clone_thing(*newPoints);
clonetochunk(gn->name, newPoints->name.ptr, newPoints->name.len);
gn->name = chunk_clone(newPoints->name);
/* insert additional CRL distribution point */
gn->next = *distributionPoints;
@ -940,17 +937,10 @@ build_crl_fetch_request(chunk_t issuer, chunk_t authKeySerialNumber
req->installed = time(NULL);
/* clone fields */
clonetochunk(req->issuer, issuer.ptr, issuer.len);
if (authKeySerialNumber.ptr != NULL)
{
clonetochunk(req->authKeySerialNumber, authKeySerialNumber.ptr
, authKeySerialNumber.len);
}
if (authKeyID.ptr != NULL)
{
clonetochunk(req->authKeyID, authKeyID.ptr, authKeyID.len);
}
req->issuer = chunk_clone(issuer);
req->authKeySerialNumber = chunk_clone(authKeySerialNumber);
req->authKeyID = chunk_clone(authKeyID);
/* copy distribution points */
add_distribution_points(gn, &req->distributionPoints);

8
src/pluto/id.c
View File

@ -145,7 +145,9 @@ set_myFQDN(void)
if (!strcaseeq(FQDN, "localhost.localdomain"))
{
clonetochunk(myids[MYID_HOSTNAME].name, FQDN, strlen(FQDN));
chunk_t myid_name = { FQDN, strlen(FQDN) };
myids[MYID_HOSTNAME].name = chunk_clone(myid_name);
myids[MYID_HOSTNAME].kind = ID_FQDN;
calc_myid_str(MYID_HOSTNAME);
}
@ -365,7 +367,7 @@ unshare_id_content(struct id *id)
case ID_USER_FQDN:
case ID_DER_ASN1_DN:
case ID_KEY_ID:
id->name.ptr = clone_bytes(id->name.ptr, id->name.len);
id->name = chunk_clone(id->name);
break;
case ID_MYID:
case ID_NONE:
@ -386,7 +388,7 @@ free_id_content(struct id *id)
case ID_USER_FQDN:
case ID_DER_ASN1_DN:
case ID_KEY_ID:
freeanychunk(id->name);
free(id->name.ptr);
break;
case ID_MYID:
case ID_NONE:

47
src/pluto/ipsec_doi.c
View File

@ -136,7 +136,7 @@ compute_dh_shared(struct state *st, const chunk_t g
mpz_init(&mp_shared);
mpz_powm(&mp_shared, &mp_g, &st->st_sec, group->modulus);
mpz_clear(&mp_g);
freeanychunk(st->st_shared); /* happens in odd error cases */
free(st->st_shared.ptr); /* happens in odd error cases */
st->st_shared = mpz_to_n(&mp_shared, group->bytes);
mpz_clear(&mp_shared);
gettimeofday(&tv1, NULL);
@ -175,7 +175,7 @@ build_and_ship_KE(struct state *st, chunk_t *g
mpz_init(&mp_g);
mpz_powm(&mp_g, &groupgenerator, &st->st_sec, group->modulus);
freeanychunk(*g); /* happens in odd error cases */
free(g->ptr); /* happens in odd error cases */
*g = mpz_to_n(&mp_g, group->bytes);
mpz_clear(&mp_g);
DBG(DBG_CRYPT,
@ -206,7 +206,9 @@ accept_KE(chunk_t *dest, const char *val_name
/* XXX Could send notification back */
return INVALID_KEY_INFORMATION;
}
clonereplacechunk(*dest, pbs->cur, pbs_left(pbs));
free(dest->ptr);
*dest = chunk_create(pbs->cur, pbs_left(pbs));
*dest = chunk_clone(*dest);
DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest);
return NOTHING_WRONG;
}
@ -253,8 +255,8 @@ static bool
build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np
, const char *name)
{
freeanychunk(*n);
setchunk(*n, malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE);
free(n->ptr);
*n = chunk_create(malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE);
get_rnd_bytes(n->ptr, DEFAULT_NONCE_SIZE);
return out_generic_chunk(np, &isakmp_nonce_desc, outs, *n, name);
}
@ -445,7 +447,7 @@ send_notification(struct state *sndst, u_int16_t type, struct state *encst,
{
chunk_t saved_tpacket = sndst->st_tpacket;
setchunk(sndst->st_tpacket, pbs.start, pbs_offset(&pbs));
sndst->st_tpacket = chunk_create(pbs.start, pbs_offset(&pbs));
send_packet(sndst, "ISAKMP notify");
sndst->st_tpacket = saved_tpacket;
}
@ -677,7 +679,7 @@ send_delete(struct state *st)
if (!encrypt_message(&r_hdr_pbs, p1st))
impossible();
setchunk(p1st->st_tpacket, reply_pbs.start, pbs_offset(&reply_pbs));
p1st->st_tpacket = chunk_create(reply_pbs.start, pbs_offset(&reply_pbs));
send_packet(p1st, "delete notify");
p1st->st_tpacket = saved_tpacket;
@ -962,7 +964,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
/* save initiator SA for later HASH */
passert(st->st_p1isa.ptr == NULL); /* no leak! (MUST be first time) */
clonetochunk(st->st_p1isa, sa_start, rbody.cur - sa_start);
st->st_p1isa = chunk_create(sa_start, rbody.cur - sa_start);
st->st_p1isa = chunk_clone(st->st_p1isa);
}
/* if enabled send Pluto Vendor ID */
@ -1033,7 +1036,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
close_message(&rbody);
close_output_pbs(&reply);
clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply));
st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
st->st_tpacket = chunk_clone(st->st_tpacket);
/* Transmit */
@ -1316,7 +1320,9 @@ generate_skeyids_iv(struct state *st)
}
k = keytemp;
}
clonereplacechunk(st->st_enc_key, k, keysize);
free(st->st_enc_key.ptr);
st->st_enc_key = chunk_create(k, keysize);
st->st_enc_key = chunk_clone(st->st_enc_key);
}
DBG(DBG_CRYPT,
@ -1846,7 +1852,9 @@ accept_nonce(struct msg_digest *md, chunk_t *dest, const char *name)
, name , MINIMUM_NONCE_SIZE, MAXIMUM_NONCE_SIZE);
return PAYLOAD_MALFORMED; /* ??? */
}
clonereplacechunk(*dest, nonce_pbs->cur, len);
free(dest->ptr);
*dest = chunk_create(nonce_pbs->cur, len);
*dest = chunk_clone(*dest);
return NOTHING_WRONG;
}
@ -2203,7 +2211,8 @@ quick_outI1(int whack_sock
}
/* save packet, now that we know its size */
clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply));
st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
st->st_tpacket = chunk_clone(st->st_tpacket);
/* send the packet */
@ -2311,7 +2320,7 @@ decode_cr(struct msg_digest *md, struct connection *c)
continue;
gn = malloc_thing(generalName_t);
clonetochunk(ca_name, ca_name.ptr,ca_name.len);
ca_name = chunk_clone(ca_name);
gn->kind = GN_DIRECTORY_NAME;
gn->name = ca_name;
gn->next = c->requested_ca;
@ -2409,17 +2418,17 @@ decode_peer_id(struct msg_digest *md, struct id *peer)
/* ??? ought to do some more sanity check, but what? */
setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
break;
case ID_KEY_ID:
setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
DBG(DBG_PARSING,
DBG_dump_chunk("KEY ID:", peer->name));
break;
case ID_DER_ASN1_DN:
setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
DBG(DBG_PARSING,
DBG_dump_chunk("DER ASN1 DN:", peer->name));
break;
@ -3221,7 +3230,9 @@ main_inI1_outR1(struct msg_digest *md)
close_message(&md->rbody);
/* save initiator SA for HASH */
clonereplacechunk(st->st_p1isa, sa_pd->pbs.start, pbs_room(&sa_pd->pbs));
free(st->st_p1isa.ptr);
st->st_p1isa = chunk_create(sa_pd->pbs.start, pbs_room(&sa_pd->pbs));
st->st_p1isa = chunk_clone(st->st_p1isa);
return STF_OK;
}
@ -5332,7 +5343,7 @@ send_isakmp_notification(struct state *st, u_int16_t type
{
chunk_t saved_tpacket = st->st_tpacket;
setchunk(st->st_tpacket, reply.start, pbs_offset(&reply));
st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
send_packet(st, "ISAKMP notify");
st->st_tpacket = saved_tpacket;
}

2
src/pluto/kernel.c
View File

@ -1467,7 +1467,7 @@ scan_proc_shunts(void)
cp += strspn(cp, sep); /* find start of field */
w = strcspn(cp, sep); /* find width of field */
setchunk(field[fi], cp, w);
field[fi] = chunk_create(cp, w);
cp += w;
if (w == 0)
break;

47
src/pluto/keys.c
View File

@ -120,8 +120,8 @@ static void
free_public_key(pubkey_t *pk)
{
free_id_content(&pk->id);
freeanychunk(pk->issuer);
freeanychunk(pk->serial);
free(pk->issuer.ptr);
free(pk->serial.ptr);
/* algorithm-specific freeing */
switch (pk->alg)
@ -411,7 +411,9 @@ process_psk_secret(chunk_t *psk)
if (*tok == '"' || *tok == '\'')
{
clonetochunk(*psk, tok+1, flp->cur - tok - 2);
chunk_t secret = { tok + 1, flp->cur - tok -2 };
*psk = chunk_clone(secret);
(void) shift();
}
else
@ -428,7 +430,8 @@ process_psk_secret(chunk_t *psk)
}
else
{
clonetochunk(*psk, buf, sz);
chunk_t secret = { buf, sz };
*psk = chunk_clone(secret);
(void) shift();
}
}
@ -488,7 +491,7 @@ process_rsa_secret(RSA_private_key_t *rsak)
if (eb_next - ebytes + sz > sizeof(ebytes))
return "public key takes too many bytes";
setchunk(*pb_next, eb_next, sz);
*pb_next = chunk_create(eb_next, sz);
memcpy(eb_next, buf, sz);
eb_next += sz;
pb_next++;
@ -609,8 +612,7 @@ process_xauth(secret_t *s)
plog(" loaded xauth credentials of user '%.*s'"
, user_name.len
, user_name.ptr);
clonetochunk(s->u.xauth_secret.user_name
, user_name.ptr, user_name.len);
s->u.xauth_secret.user_name = chunk_clone(user_name);
if (!shift())
return "missing xauth user password";
@ -657,10 +659,10 @@ xauth_verify_secret(const xauth_peer_t *peer, const xauth_t *xauth_secret)
{
if (s->kind == PPK_XAUTH)
{
if (!same_chunk(xauth_secret->user_name, s->u.xauth_secret.user_name))
if (!chunk_equals(xauth_secret->user_name, s->u.xauth_secret.user_name))
continue;
found = TRUE;
if (same_chunk(xauth_secret->user_password, s->u.xauth_secret.user_password))
if (chunk_equals(xauth_secret->user_password, s->u.xauth_secret.user_password))
return TRUE;
}
}
@ -736,14 +738,19 @@ process_pin(secret_t *s, int whackfd)
}
else if (tokeqword("%pinpad"))
{
chunk_t empty_pin = { "", 0 };
shift();
/* pin will be entered via pin pad during verification */
clonetochunk(sc->pin, "", 0);
sc->pin = chunk_clone(empty_pin);
sc->pinpad = TRUE;
sc->valid = TRUE;
pin_status = "pin entry via pad";
if (pkcs11_keep_state)
{
scx_verify_pin(sc);
}
}
else
{
@ -937,7 +944,7 @@ process_secret_records(int whackfd)
zero(s);
s->ids = NULL;
s->kind = PPK_PSK; /* default */
setchunk(s->u.preshared_secret, NULL, 0);
s->u.preshared_secret = chunk_empty;
s->next = NULL;
for (;;)
@ -1239,16 +1246,18 @@ unpack_RSA_public_key(RSA_public_key_t *rsa, const chunk_t *pubkey)
if (pubkey->ptr[0] != 0x00)
{
setchunk(exp, pubkey->ptr + 1, pubkey->ptr[0]);
exp = chunk_create(pubkey->ptr + 1, pubkey->ptr[0]);
}
else
{
setchunk(exp, pubkey->ptr + 3
, (pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]);
exp = chunk_create(pubkey->ptr + 3,
(pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]);
}
if (pubkey->len - (exp.ptr - pubkey->ptr) < exp.len + RSA_MIN_OCTETS_RFC)
{
return "RSA public key blob too short";
}
mod.ptr = exp.ptr + exp.len;
mod.len = &pubkey->ptr[pubkey->len] - mod.ptr;
@ -1284,16 +1293,10 @@ install_public_key(pubkey_t *pk, pubkey_list_t **head)
unshare_id_content(&pk->id);
/* copy issuer dn */
if (pk->issuer.ptr != NULL)
{
pk->issuer.ptr = clone_bytes(pk->issuer.ptr, pk->issuer.len);
}
pk->issuer = chunk_clone(pk->issuer);
/* copy serial number */
if (pk->serial.ptr != NULL)
{
pk->serial.ptr = clone_bytes(pk->serial.ptr, pk->serial.len);
}
pk->serial = chunk_clone(pk->serial);
/* store the time the public key was installed */
time(&pk->installed_time);

19
src/pluto/modecfg.c
View File

@ -530,8 +530,9 @@ modecfg_send_msg(struct state *st, int isama_type, internal_addr_t *ia)
, 0 /* XXX isama_id */
);
freeanychunk(st->st_tpacket);
clonetochunk(st->st_tpacket, msg.start, pbs_offset(&msg));
free(st->st_tpacket.ptr);
st->st_tpacket = chunk_create(msg.start, pbs_offset(&msg));
st->st_tpacket = chunk_clone(st->st_tpacket);
/* Transmit */
send_packet(st, "ModeCfg msg");
@ -675,11 +676,11 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia)
ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
break;
case XAUTH_USER_NAME:
setchunk(ia->xauth_secret.user_name, strattr.cur, attr_len);
ia->xauth_secret.user_name = chunk_create(strattr.cur, attr_len);
ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
break;
case XAUTH_USER_PASSWORD:
setchunk(ia->xauth_secret.user_password, strattr.cur, attr_len);
ia->xauth_secret.user_password = chunk_create(strattr.cur, attr_len);
ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
break;
case XAUTH_STATUS:
@ -1092,8 +1093,9 @@ xauth_inI0(struct msg_digest *md)
else
{
/* send XAUTH reply msg and then delete ISAKMP SA */
freeanychunk(st->st_tpacket);
clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
free(st->st_tpacket.ptr);
st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
st->st_tpacket = chunk_clone(st->st_tpacket);
send_packet(st, "XAUTH reply msg");
delete_state(st);
return STF_IGNORE;
@ -1223,8 +1225,9 @@ xauth_inI1(struct msg_digest *md)
else
{
/* send XAUTH ack msg and then delete ISAKMP SA */
freeanychunk(st->st_tpacket);
clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
free(st->st_tpacket.ptr);
st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
st->st_tpacket = chunk_clone(st->st_tpacket);
send_packet(st, "XAUTH ack msg");
delete_state(st);
return STF_IGNORE;

6
src/pluto/nat_traversal.c
View File

@ -575,14 +575,14 @@ static void nat_traversal_send_ka (struct state *st)
)
/* save state chunk */
setchunk(sav, st->st_tpacket.ptr, st->st_tpacket.len);
sav = st->st_tpacket;
/* send keep alive */
setchunk(st->st_tpacket, &ka_payload, 1);
st->st_tpacket = chunk_create(&ka_payload, 1);
send_packet(st, "NAT-T Keep Alive");
/* restore state chunk */
setchunk(st->st_tpacket, sav.ptr, sav.len);
st->st_tpacket = sav;
}
/**

78
src/pluto/ocsp.c
View File

@ -131,13 +131,13 @@ static u_char ASN1_nonce_oid_str[] = {
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
};
static const chunk_t ASN1_nonce_oid = strchunk(ASN1_nonce_oid_str);
static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str);
static u_char ASN1_response_oid_str[] = {
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
};
static const chunk_t ASN1_response_oid = strchunk(ASN1_response_oid_str);
static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str);
static u_char ASN1_response_content_str[] = {
0x04, 0x0D,
@ -145,7 +145,7 @@ static u_char ASN1_response_content_str[] = {
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
};
static const chunk_t ASN1_response_content = strchunk(ASN1_response_content_str);
static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str);
/* default OCSP uri */
static chunk_t ocsp_default_uri;
@ -295,13 +295,16 @@ build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location)
ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber
, cert->authKeyID);
if (ca != NULL && ca->ocspuri != NULL)
setchunk(location->uri, ca->ocspuri, strlen(ca->ocspuri))
{
location->uri = chunk_create(ca->ocspuri, strlen(ca->ocspuri));
}
else
/* abort if no ocsp location uri is defined */
{ /* abort if no ocsp location uri is defined */
return FALSE;
}
}
setchunk(location->authNameID, digest, SHA1_DIGEST_SIZE);
location->authNameID = chunk_create(digest, SHA1_DIGEST_SIZE);
compute_digest(cert->issuer, OID_SHA1, &location->authNameID);
location->next = NULL;
@ -337,7 +340,7 @@ same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b)
? same_keyid(a->authKeyID, b->authKeyID)
: (same_dn(a->issuer, b->issuer)
&& same_serial(a->authKeySerialNumber, b->authKeySerialNumber)))
&& same_chunk(a->uri, b->uri);
&& chunk_equals(a->uri, b->uri);
}
/*
@ -378,7 +381,7 @@ get_ocsp_status(const ocsp_location_t *loc, chunk_t serialNumber
while (certinfo != NULL)
{
cmp = cmp_chunk(serialNumber, certinfo->serialNumber);
cmp = chunk_compare(serialNumber, certinfo->serialNumber);
if (cmp <= 0)
break;
certinfop = &certinfo->next;
@ -488,7 +491,7 @@ check_ocsp(void)
static void
free_certinfo(ocsp_certinfo_t *certinfo)
{
freeanychunk(certinfo->serialNumber);
free(certinfo->serialNumber.ptr);
free(certinfo);
}
@ -514,11 +517,11 @@ free_certinfos(ocsp_certinfo_t *chain)
static void
free_ocsp_location(ocsp_location_t* location)
{
freeanychunk(location->issuer);
freeanychunk(location->authNameID);
freeanychunk(location->authKeyID);
freeanychunk(location->authKeySerialNumber);
freeanychunk(location->uri);
free(location->issuer.ptr);
free(location->authNameID.ptr);
free(location->authKeyID.ptr);
free(location->authKeySerialNumber.ptr);
free(location->uri.ptr);
free_certinfos(location->certinfo);
free(location);
}
@ -792,7 +795,7 @@ build_signature(chunk_t tbsRequest)
sigdata = generate_signature(digest_info
, ocsp_requestor_sc
, ocsp_requestor_pri);
freeanychunk(digest_info);
free(digest_info.ptr);
/* has the RSA signature generation been successful? */
if (sigdata.ptr == NULL)
@ -1154,10 +1157,9 @@ parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
break;
case BASIC_RESPONSE_CERTIFICATE:
{
chunk_t blob;
chunk_t blob = chunk_clone(object);
x509cert_t *cert = malloc_thing(x509cert_t);
clonetochunk(blob, object.ptr, object.len);
*cert = empty_x509cert;
if (parse_x509cert(blob, level+1, cert)
@ -1327,30 +1329,11 @@ add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t **chain)
ocsp_location_t *location = malloc_thing(ocsp_location_t);
/* unshare location fields */
clonetochunk(location->issuer, loc->issuer.ptr, loc->issuer.len);
clonetochunk(location->authNameID, loc->authNameID.ptr, loc->authNameID.len);
if (loc->authKeyID.ptr == NULL)
{
location->authKeyID = chunk_empty;
}
else
{
clonetochunk(location->authKeyID, loc->authKeyID.ptr, loc->authKeyID.len);
}
if (loc->authKeySerialNumber.ptr == NULL)
{
location->authKeySerialNumber = chunk_empty;
}
else
{
clonetochunk(location->authKeySerialNumber
, loc->authKeySerialNumber.ptr, loc->authKeySerialNumber.len);
}
clonetochunk(location->uri, loc->uri.ptr, loc->uri.len);
location->issuer = chunk_clone(loc->issuer);
location->authNameID = chunk_clone(loc->authNameID);
location->authKeyID = chunk_clone(loc->authKeyID);
location->authKeySerialNumber = chunk_clone(loc->authKeySerialNumber);
location->uri = chunk_clone(loc->uri);
location->certinfo = NULL;
/* insert new ocsp location in front of chain */
@ -1387,7 +1370,7 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai
while (certinfo != NULL)
{
cmp = cmp_chunk(info->serialNumber, certinfo->serialNumber);
cmp = chunk_compare(info->serialNumber, certinfo->serialNumber);
if (cmp <= 0)
break;
certinfop = &certinfo->next;
@ -1398,7 +1381,8 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai
{
/* add a new certinfo entry */
ocsp_certinfo_t *cnew = malloc_thing(ocsp_certinfo_t);
clonetochunk(cnew->serialNumber, info->serialNumber.ptr, info->serialNumber.len);
cnew->serialNumber = chunk_clone(info->serialNumber);
cnew->next = certinfo;
*certinfop = cnew;
certinfo = cnew;
@ -1454,8 +1438,8 @@ process_single_response(ocsp_location_t *location, single_response_t *sres)
plog("only SHA-1 hash supported in OCSP single response");
return;
}
if (!(same_chunk(sres->issuer_name_hash, location->authNameID)
&& same_chunk(sres->issuer_key_hash, location->authKeyID)))
if (!(chunk_equals(sres->issuer_name_hash, location->authNameID)
&& chunk_equals(sres->issuer_key_hash, location->authKeyID)))
{
plog("ocsp single response has wrong issuer");
return;
@ -1467,7 +1451,7 @@ process_single_response(ocsp_location_t *location, single_response_t *sres)
while (certinfo != NULL)
{
cmp = cmp_chunk(sres->serialNumber, certinfo->serialNumber);
cmp = chunk_compare(sres->serialNumber, certinfo->serialNumber);
if (cmp <= 0)
break;
certinfop = &certinfo->next;
@ -1522,7 +1506,7 @@ parse_ocsp(ocsp_location_t *location, chunk_t blob)
plog("ocsp response contains no nonce, replay attack possible");
}
/* check if the nonce is identical */
if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce))
if (res.nonce.ptr != NULL && !chunk_equals(res.nonce, location->nonce))
{
plog("invalid nonce in ocsp response");
return;

2
src/pluto/pem.c
View File

@ -286,7 +286,7 @@ pem_decrypt(chunk_t *blob, chunk_t *iv, prompt_pass_t *pass, const char* label)
return ugh;
}
clonetochunk(blob_copy, blob->ptr, blob->len);
blob_copy = chunk_clone(*blob);
if (pem_decrypt_3des(blob, iv, pass->secret))
{

11
src/pluto/pkcs1.c
View File

@ -491,7 +491,7 @@ RSA_encrypt(const RSA_public_key_t *key, chunk_t in)
bool
RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
{
chunk_t padded;
chunk_t padded, plaintext;
u_char *pos;
mpz_t t1, t2;
@ -530,7 +530,7 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
if ((*pos++ != 0x00) || (*(pos++) != 0x02))
{
plog("incorrect padding - probably wrong RSA key");
freeanychunk(padded);
chunk_clear(&padded);
return FALSE;
}
padded.len -= 2;
@ -541,12 +541,13 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
if (padded.len == 0)
{
plog("no plaintext data");
freeanychunk(padded);
free(padded.ptr);
return FALSE;
}
clonetochunk(*out, pos, padded.len);
freeanychunk(padded);
plaintext = chunk_create(pos, padded.len);
*out = chunk_clone(plaintext);
chunk_clear(&padded);
return TRUE;
}

38
src/pluto/pkcs7.c
View File

@ -155,17 +155,17 @@ static char ASN1_pkcs7_encrypted_data_oid_str[] = {
};
static const chunk_t ASN1_pkcs7_data_oid =
strchunk(ASN1_pkcs7_data_oid_str);
chunk_from_buf(ASN1_pkcs7_data_oid_str);
static const chunk_t ASN1_pkcs7_signed_data_oid =
strchunk(ASN1_pkcs7_signed_data_oid_str);
chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
static const chunk_t ASN1_pkcs7_enveloped_data_oid =
strchunk(ASN1_pkcs7_enveloped_data_oid_str);
chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
strchunk(ASN1_pkcs7_signed_enveloped_data_oid_str);
chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
static const chunk_t ASN1_pkcs7_digested_data_oid =
strchunk(ASN1_pkcs7_digested_data_oid_str);
chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
static const chunk_t ASN1_pkcs7_encrypted_data_oid =
strchunk(ASN1_pkcs7_encrypted_data_oid_str);
chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
/* 3DES and DES encryption OIDs */
@ -178,9 +178,9 @@ static u_char ASN1_des_cbc_oid_str[] = {
};
static const chunk_t ASN1_3des_ede_cbc_oid =
strchunk(ASN1_3des_ede_cbc_oid_str);
chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
static const chunk_t ASN1_des_cbc_oid =
strchunk(ASN1_des_cbc_oid_str);
chunk_from_buf(ASN1_des_cbc_oid_str);
/* PKCS#7 attribute type OIDs */
@ -193,9 +193,9 @@ static u_char ASN1_messageDigest_oid_str[] = {
};
static const chunk_t ASN1_contentType_oid =
strchunk(ASN1_contentType_oid_str);
chunk_from_buf(ASN1_contentType_oid_str);
static const chunk_t ASN1_messageDigest_oid =
strchunk(ASN1_messageDigest_oid_str);
chunk_from_buf(ASN1_messageDigest_oid_str);
/*
* Parse PKCS#7 ContentInfo object
@ -283,11 +283,9 @@ pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
case PKCS7_SIGNED_CERT:
if (cert != NULL)
{
chunk_t cert_blob;
chunk_t cert_blob = chunk_clone(object);
x509cert_t *newcert = malloc_thing(x509cert_t);
clonetochunk(cert_blob, object.ptr, object.len);
*newcert = empty_x509cert;
DBG(DBG_CONTROL | DBG_PARSING,
@ -431,7 +429,7 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
)
break;
case PKCS7_SERIAL_NUMBER:
if (!same_chunk(serialNumber, object))
if (!chunk_equals(serialNumber, object))
{
plog("serial numbers do not match");
goto failed;
@ -561,11 +559,11 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
}
}
}
freeanychunk(symmetric_key);
chunk_clear(&symmetric_key);
return TRUE;
failed:
freeanychunk(symmetric_key);
chunk_clear(&symmetric_key);
free(data->ptr);
return FALSE;
}
@ -677,7 +675,7 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
{
encryptedDigest = pkcs1_build_signature(attributes, digest_alg
, key, FALSE);
clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len);
authenticatedAttributes = chunk_clone(attributes);
*authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
}
else
@ -712,8 +710,8 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
DBG_dump_chunk("signedData:\n", cInfo)
)
freeanychunk(pkcs7Data.content);
freeanychunk(signedData.content);
free(pkcs7Data.content.ptr);
free(signedData.content.ptr);
return cInfo;
}
@ -853,7 +851,7 @@ pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher)
)
free_RSA_public_content(&public_key);
freeanychunk(envelopedData.content);
free(envelopedData.content.ptr);
return cInfo;
}
}

8
src/pluto/smartcard.c
View File

@ -1479,9 +1479,12 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
memcpy(out, cipher_text.ptr, cipher_text.len);
*outlen = cipher_text.len;
freeanychunk(cipher_text);
free(cipher_text.ptr);
if (!pkcs11_keep_state)
{
scx_release_context(sc);
}
return TRUE;
}
else
@ -1759,7 +1762,8 @@ scx_get_pin(smartcard_t *sc, int whackfd)
/* verify the pin */
if (scx_verify_pin(sc))
{
clonetochunk(sc->pin, pin, strlen(pin));
sc->pin = chunk_create(pin, strlen(pin));
sc->pin = chunk_clone(sc->pin);
break;
}

14
src/pluto/state.c
View File

@ -537,16 +537,10 @@ duplicate_state(struct state *st)
nst->st_clonedfrom = st->st_serialno;
nst->st_oakley = st->st_oakley;
nst->st_modecfg = st->st_modecfg;
# define clone_chunk(ch) \
clonetochunk(nst->ch, st->ch.ptr, st->ch.len)
clone_chunk(st_skeyid_d);
clone_chunk(st_skeyid_a);
clone_chunk(st_skeyid_e);
clone_chunk(st_enc_key);
# undef clone_chunk
nst->st_skeyid_d = chunk_clone(st->st_skeyid_d);
nst->st_skeyid_a = chunk_clone(st->st_skeyid_a);
nst->st_skeyid_e = chunk_clone(st->st_skeyid_e);
nst->st_enc_key = chunk_clone(st->st_enc_key);
return nst;
}

8
src/pluto/x509.c
View File

@ -394,7 +394,7 @@ static u_char ASN1_subjectAltName_oid_str[] = {
0x06, 0x03, 0x55, 0x1D, 0x11
};
static const chunk_t ASN1_subjectAltName_oid = strchunk(ASN1_subjectAltName_oid_str);
static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
static void
update_chunk(chunk_t *ch, int n)
@ -987,7 +987,7 @@ match_dn(chunk_t a, chunk_t b, int *wildcards)
bool
same_x509cert(const x509cert_t *a, const x509cert_t *b)
{
return same_chunk(a->signature, b->signature);
return chunk_equals(a->signature, b->signature);
}
/* for each link pointing to the certificate
@ -1083,7 +1083,7 @@ same_keyid(chunk_t a, chunk_t b)
{
return FALSE;
}
return same_chunk(a, b);
return chunk_equals(a, b);
}
/*
@ -1097,7 +1097,7 @@ same_serial(chunk_t a, chunk_t b)
{
return TRUE;
}
return same_chunk(a, b);
return chunk_equals(a, b);
}
/*

6
src/scepclient/pkcs10.c
View File

@ -43,13 +43,13 @@ static u_char ASN1_challengePassword_oid_str[] = {
0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07
};
static const chunk_t ASN1_challengePassword_oid = strchunk(ASN1_challengePassword_oid_str);
static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str);
static u_char ASN1_extensionRequest_oid_str[] = {
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E
};
static const chunk_t ASN1_extensionRequest_oid = strchunk(ASN1_extensionRequest_oid_str);
static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str);
/**
* @brief Adds a subjectAltName in DER-coded form to a linked list
@ -214,7 +214,7 @@ pkcs10_free(pkcs10_t *pkcs10)
{
if (pkcs10 != NULL)
{
freeanychunk(pkcs10->request);
free(pkcs10->request.ptr);
free(pkcs10);
}
}

6
src/scepclient/rsakey.c
View File

@ -321,10 +321,12 @@ generate_rsa_private_key(int nbits, RSA_private_key_t *key)
size_t n_len = (mpz_sizeinbase(n,2)+BITS_PER_BYTE-1)/BITS_PER_BYTE;
chunk_t e_ch = mpz_to_n(e, e_len);
chunk_t n_ch = mpz_to_n(n, n_len);
form_keyid(e_ch, n_ch, key->pub.keyid, &key->pub.k);
freeanychunk(e_ch);
freeanychunk(n_ch);
free(e_ch.ptr);
free(n_ch.ptr);
}
/* fill in the elements of the RSA private key */
key->p = *p;
key->q = *q;

12
src/scepclient/scep.c
View File

@ -53,11 +53,11 @@ static char ASN1_transId_oid_str[] = {
};
static const chunk_t ASN1_messageType_oid =
strchunk(ASN1_messageType_oid_str);
chunk_from_buf(ASN1_messageType_oid_str);
static const chunk_t ASN1_senderNonce_oid =
strchunk(ASN1_senderNonce_oid_str);
chunk_from_buf(ASN1_senderNonce_oid_str);
static const chunk_t ASN1_transId_oid =
strchunk(ASN1_transId_oid_str);
chunk_from_buf(ASN1_transId_oid_str);
static const char *pkiStatus_values[] = { "0", "2", "3" };
@ -395,8 +395,8 @@ scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg
request = pkcs7_build_signedData(envelopedData, attributes
, signer_cert, digest_alg, private_key);
freeanychunk(envelopedData);
freeanychunk(attributes);
free(envelopedData.ptr);
free(attributes.ptr);
return request;
}
@ -590,7 +590,7 @@ scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data
{
return "error parsing the scep response attributes";
}
if (!same_chunk(transID, attrs->transID))
if (!chunk_equals(transID, attrs->transID))
{
return "transaction ID of scep response does not match";
}

28
src/scepclient/scepclient.c
View File

@ -148,21 +148,21 @@ exit_scepclient(err_t message, ...)
free_RSA_private_content(private_key);
free(private_key);
}
freeanychunk(pkcs1);
freeanychunk(pkcs7);
freeanychunk(subject);
freeanychunk(serialNumber);
freeanychunk(transID);
freeanychunk(fingerprint);
freeanychunk(issuerAndSubject);
freeanychunk(getCertInitial);
if (scep_response.ptr != NULL)
free(scep_response.ptr);
free(pkcs1.ptr);
free(pkcs7.ptr);
free(subject.ptr);
free(serialNumber.ptr);
free(transID.ptr);
free(fingerprint.ptr);
free(issuerAndSubject.ptr);
free(getCertInitial.ptr);
free(scep_response.ptr);
free_generalNames(subjectAltNames, TRUE);
if (x509_signer != NULL)
{
x509_signer->subjectAltName = NULL;
}
free_x509cert(x509_signer);
free_x509cert(x509_ca_enc);
free_x509cert(x509_ca_sig);
@ -801,7 +801,7 @@ int main(int argc, char **argv)
exit_scepclient(ugh);
}
clonetochunk(subject, dn.ptr, dn.len);
subject = chunk_clone(dn);
DBG(DBG_CONTROL,
DBG_log("building pkcs10 object:")
@ -1007,7 +1007,7 @@ int main(int argc, char **argv)
DBG_log("transaction ID: %.*s", (int)transID.len, transID.ptr)
)
freeanychunk(getCertInitial);
chunk_free(&getCertInitial);
getCertInitial = scep_build_request(issuerAndSubject
, transID, SCEP_GetCertInitial_MSG
, x509_ca_enc, pkcs7_symmetric_cipher
@ -1047,7 +1047,7 @@ int main(int argc, char **argv)
{
exit_scepclient("error parsing the scep response");
}
freeanychunk(certData);
chunk_free(&certData);
/* store the end entity certificate */
path = concatenate_paths(HOST_CERT_PATH, file_out_cert);